﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.


using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using System.Collections.Generic;

namespace IdentityServer
{
    public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources()
        {
            return new List<IdentityResource>
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                //new IdentityResource ("user_info", new List<string> { JwtClaimTypes.Role }){ Required = true}
            };
        }


        public static IEnumerable<ApiScope> ApiScopes()
        {
            return new List<ApiScope>
            {
                new ApiScope("client_scope1", "第一个client_scope") { UserClaims = { JwtClaimTypes.Name, JwtClaimTypes.Role, JwtClaimTypes.Email, JwtClaimTypes.WebSite } },
                new ApiScope("client_scope2", "第二个client_scope") { UserClaims = {  JwtClaimTypes.Name, JwtClaimTypes.Role, JwtClaimTypes.Address,   }
            }
            };
        }

        public static IEnumerable<ApiResource> ApiResources()
        {
            return new ApiResource[]
             {
                new ApiResource("api1","ApiResource1")
                {
                    Scopes={"client_scope1","client_scope2" },
                   // UserClaims={}
                },
               new ApiResource("api2","ApiResource2")
                {
                    Scopes={"client_scope2" },
                   // UserClaims={}
                }
             };
        }

        public static IEnumerable<Client> Clients()
        {
            return new List<Client>
            {
                // machine to machine client
                new Client
                {
                    ClientId = "client",
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    RequirePkce = false,
                    AllowedGrantTypes = GrantTypes.ClientCredentials,
                    // scopes that client has access to
                    AllowedScopes = { "client_scope2" },
                  //  AccessTokenLifetime=10
                },

                new Client
                {
                    ClientId = "client_user",
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    RequirePkce = false,
                    AllowedGrantTypes = GrantTypes.ResourceOwnerPassword,
                    // scopes that client has access to
                    AllowedScopes = { "client_scope2" },
                //    AccessTokenLifetime=10

                },
                
                // interactive ASP.NET Core MVC client
                new Client
                {
                    ClientId = "mvc",
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    RequirePkce = false,
                    AllowedGrantTypes = GrantTypes.Code,
                 //    AccessTokenLifetime=10,
                 // 是否需要同意授权 （默认是false）
                    RequireConsent=true,
                    //登录后， 跳转客户端的地址
                    RedirectUris = {

                        "http://localhost:7152/signin-oidc",
                        "http://localhost:7152/swagger/oauth2-redirect.html",

                        "http://localhost:7386/signin-oidc",
                    },
                    
          

                    //登出后， 跳转客户端的地址
                    PostLogoutRedirectUris = {
                        "http://localhost:7152/signout-callback-oidc",
                        "http://localhost:7386/signout-callback-oidc",
                    },//跳转登出的客户端的地址
                    AllowOfflineAccess = true,

                    AllowedScopes = new List<string>
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "client_scope2"
                        //"user_info"
                    }
                }
            };
        }
    }
}